Useful PowerShell cmdlets to administer Office 365 Groups – Part 1

9th May 2018

Howdy Folks! As promised in previous blog post related to Office groups , I’m back now with some cool PowerShell cmdlets which should ease your work in managing Office 365 groups in your organization . If you’re new to Office 365 groups, I humbly request you to read in detail about Office 365 groups by accessing this link. I’ve tried my best to explain Office 365 groups there. Alright, let’s get started ….

Note: Before you can run all these PowerShell cmdlets below , you need to load the Exchange Online management shell by following this link .I’ve given a screenshot below for your reference .

Listed below are the operations that you can perform by following the PowerShell commands mentioned below.

1. Get the list of all the Office 365 groups in your tenant2. Remove an existing Office 365 group from the tenant3. To make changes to an existing Office 365 group4. Get the membership and ownership information of an Office 365 group /all the Office 365 groups in your tenant5. Get the list of all the Office 365 groups in descending order6. Get the list of all Private Office 365 groups in your tenant7. Get the list of deleted Office 365 groups in descending order8. Get the list of orphaned Office 365 groups in your tenant9. Retrieve the list of recently created Office 365 groups10. Update the quota of a new group if a team site exists11. Create new Directory Settings for Groups template12. Update the classifications for all the Office 365 groups13. Update the privacy of an Office 365 group based on its classification14. Determine where a group was provisioned (Planner, Yammer, Teams etc.)15. Get the list of Obsolete Office 365 groups in your tenant

So, let’s look into all these operations in detail below….

1. To get the list of all the Office 365 groups in your tenant:

Get-UnifiedGroup

2. To To remove an existing Office 365 group:

This will remove a specific Office 365 group from your tenant.

Remove-UnifiedGroup -Identity "Test Group"

3. To make changes to an existing Office 365 group in your tenant:

Set-UnifiedGroup

Ex 1: Set-UnifiedGroup -Identity "HR Team" -AccessType Private

This example changes the Office 365 Group named HR Team from a public group to a private group.

7. To get list of deleted Office 365 groups in descending order:

Note: To run this command, you need to do the below mentioned steps, else you would end up getting an error as shown in the image below. If you pay close attention to the cmdlet you would notice that this is related to Azure AD and hence you need to load the Azure AD PowerShell module for this.

I’d suggest performing these tasks in a different PowerShell window for ease of use.

1. Uninstall the production module of Azure AD by running, (Uninstall-Module AzureAD) as this cmdlet works with the preview module of Azure AD.

5. Once you’re done connecting to Azure AD, please go ahead and run the above-mentioned cmdlet to get the list of deleted Office 365 groups in descending order and you will get the results as shown in the image below. In my case I don’t have any deleted Office 365 group and hence it didn’t return anything.

IV. Once done to review if you have any settings already configured in your tenant, please run the below cmdlet.

Get-AzureADDirectorySetting | ForEach Values

Note:If you check the screenshot above you will notice that I have configured few directory settings such as “Usage Guidelines URL “and “Classification List “and I’ll be showing you how to configure that using PowerShell in the examples below.

V. If you do not have any settings configured the value returned will be blank as show in the screenshot below.

VI. Alright, now let’s see some examples to set group settings.

VII. All examples below will use the Get-AzureADDirectorySettingcmdlet and store that in a variable and then use the Set-AzureADDirectorySettingcmdlet with the updated settings. The full command to run a setting update is as follows. Also, I’d suggest to use PowerShell ISE for running these cmdlets for ease of usage.

In this scenario here, I created a security group named“Office 365 groups creation allowed” and I’ve added few members to it. So, by doing this I can grant access only to those members to create Office 365 groups and not to all the users in my organization. Also, an important point to bear in mind here is, if I’m restricting the creation of Office 365 groups then these users won’t be able to create a Team, a Planner, a Yammer group etc.

So, the users will be restricted by creating anything which creates an Office 365 group in the backend. So, from an end user perspective, the “create”button which you see in the screenshot below for creating Office 365 groups won’t be visible to them. The same applies for other services also, users won’t get the “Create Planner “or “Create Team” button once this option is enabled. This is one way to have control on Office 365 groups creation in your organization

In Teams, the “Create a Team“button won’t be visible for the users who are not part of that Security group which allows the creation of Office 365 groups.

In Planner, the “Create a Plan“button won’t be visible for the users who are not part of that Security group which allows the creation of Office 365 groups.

Similarly , as already explained above other services which creates an Office 365 group on the backend won’t be available for end users . By doing this you can have control over who gets to create an Office 365 groups and other services such as Teams and Planner in your organization .

In this scenario, we’re enabling the classification option so that you can classify your groups accordingly. Once this is done whenever you try to create an Office 365 group from the outlook webmail (provided that you have access to create Office 365 groups) you will get an option to choose the classification for that group also as shown in the image below. This could be useful from a compliance and governance perspective.

Once that’s done you can set the classification for an existing Office 365 by running the below PowerShell command.

Okay folks that all for now. Feel free to try these PowerShell scripts until I come up with a sequel to this blog with more scenarios and tweaks. Until then, have a great rest of the day. As always, feel free to comment what you feel.